Skip to main content

Several other Box users at my organization and I have noticed that SSO authentication does not work in Firefox. It yields a blank page after logging in through our organization’s login system instead of continuing with the authentication process. One of my colleagues was able to re-create this issue today by attempting to sign in to Box in Firefox (while trying to configure an Rclone remote). In the developer tools, the error

Content Security Policy: The page's settings blocked the loading of a resource at inline ("default-src").

is given.

This authentication issue is caused by the Box site’s Content Security Policy (CSP), which blocks inline JavaScript, paired with the reliance of the SSO page on inline JavaScript. Firefox adheres strictly to the CSP, so it does not allow the script to run. Other browsers, like Chrome and Konqueror, have no such issue (likely because they ignore this part of the CSP). It's also possible to work around this issue on Firefox by running

document.formso0].submit();

from the console twice while on the blank page.

This is likely the same issue that causes the problem described in 

 


Hi ​@robbenmigacz

Welcome to Box Community and we’re glad to assist! 

I’ll go ahead and create a new case and someone from Box Product Support team will reach out to you through email. Please keep an eye out and we will be in touch. 

 

Thanks for posting and we look forward in getting this sorted out very soon!


Reply